CVE-2020-1739

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-1739
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1739.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-1739
Aliases
Downstream
Related
Published
2020-03-12T18:15:12Z
Modified
2025-09-30T07:52:28.207022Z
Severity
  • 3.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.

References

Affected packages

Git / github.com/ansible/ansible

Affected versions

v2.*

v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.9.0
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5